An administrator deployed vRealize Operations and has been tasked with ensuring that the VMware SDDC remains compliant to the VMware vSphere Security Configuration Guide. The compliance benchmark is showing that the VMware SDDC is not completely compliant to the standards.
Which three symptoms could have triggered a compliance alert? (Choose three.)
The compliance alert could be triggered by several symptoms. One possible cause is that the lockdown mode on a vSphere ESXi host is set to Disabled, as lockdown mode is a security feature that restricts direct access and it's recommended to be enabled. Another potential cause is that the SNMP service on a vSphere ESXi host is set to Disabled, which can be against the security guidelines if SNMP monitoring is required to ensure proper management and compliance. Additionally, having the Forged Transmit policy set to allow on a Distributed Port Group could be insecure as it allows forged Ethernet frames to be sent, which can undermine network security. Hence, the combination of these three factors aligns with common security guidelines and why they would trigger a compliance alert.
AEF, checked in hardening guide: https://core.vmware.com/vmware-vsphere-7-security-configuration-guide
I think its correct according the hardening document.
Correcting myself ABF
I think AEF is the correct.